Hacked Florida water plant was still using Windows 7

News
By
published

Investigators call attack on Oldsmar water supply system “unsophisticated”

Start Menu
(Image credit: Microsoft)

More details have emerged about the recent cyberattack on a water treatment utility in the city of Oldsmar, Florida, with the facility involved apparently still using outdated Windows 7 PCs.

Reports quote investigators as saying that “the cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment.” 

The hack, which could have caused a major catastrophe had it not been for an alert supervisor, has once again brought the spotlight on the threat to operational technology in civil infrastructure.

Poorly configured systems

Microsoft ended mainstream support for Windows 7 on January 13, 2015, though it continued to receive security updates. However, Windows 7 finally reached end-of-life over a year ago on January 14, 2020 when Microsoft ceased to provide any update for the operating system, urging users to switch to Windows 10.

Despite this millions of users still haven’t updated from Windows 7. As it turns out, the Oldsmar county’s water treatment plant is one of them.

Dubbing the attack as “relatively unsophisticated”, the investigators shared that the attacker likely used the TeamViewer remote desktop sharing software to make his way into the system.

Speaking to TechRadar Pro, Eddie Habibi, Founder of PAS, which provides software solutions to prevent exploitation of operational technology, agreed, adding that “while much of the coverage of the cyber risk to critical infrastructure to date has focused on the age of many industrial control systems and the fact that they were not designed and deployed with security in mind, in this case, the attack vector appears to have been the increased level of remote access enabled by the Florida county.”

Via: Engadget

TOPICS
Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Latest in Pro
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
Hospital
Major Oracle outage hits US Federal health record systems
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A computer screen showing a spreadsheet in use.
This entire nation's public health department was found to be running on a single Excel spreadsheet
Latest in News
Apple's Craig Federighi demonstrates the iPhone Mirroring feature of macOS Sequoia at the Worldwide Developers Conference (WWDC) 2024.
Report: iOS 19 and macOS 16 could mark their biggest design overhaul in years – and we have one request
Lego Mario Kart – Mario & Standard Kart set on a shelf.
Lego just celebrated Mario Day in the best way possible, with an incredible Mario Kart set that's up for preorder now
TCL QM7K TV on orange background
TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
Apple iPhone 16e
Which affordable phone wins the mid-range race: the iPhone 16e, Nothing 3a, or Samsung Galaxy A56? Our latest podcast tells all
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems
Google Maps
Nightmare Google Maps glitch is deleting timelines, and there isn't a fix yet
More about pro
Ryzen AI Max+ 395

Race to launch most powerful AI mini PC ever heats up as GMKTec confirms Ryzen AI Max+ 395 product for May 2025
Whirlwind I Computer

Happy birthday, Director! The first operating system in the world turns 70 today
Netflix

Netflix tried to fix 80s sitcom A Different World with AI but it gave us a different nightmare
See more latest
Most Popular
Ryzen AI Max+ 395
Race to launch most powerful AI mini PC ever heats up as GMKTec confirms Ryzen AI Max+ 395 product for May 2025
Apple iPhone 16e
Which affordable phone wins the mid-range race: the iPhone 16e, Nothing 3a, or Samsung Galaxy A56? Our latest podcast tells all
Apple's Craig Federighi demonstrates the iPhone Mirroring feature of macOS Sequoia at the Worldwide Developers Conference (WWDC) 2024.
Report: iOS 19 and macOS 16 could mark their biggest design overhaul in years – and we have one request
Whirlwind I Computer
Happy birthday, Director! The first operating system in the world turns 70 today
Lego Mario Kart – Mario & Standard Kart set on a shelf.
Lego just celebrated Mario Day in the best way possible, with an incredible Mario Kart set that's up for preorder now
Tesla Model 3
Tesla's EV sales are plummeting – as used Model Y and Model 3 prices crash to bargain levels
TCL QM7K TV on orange background
TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
A computer screen showing a spreadsheet in use.
This entire nation's public health department was found to be running on a single Excel spreadsheet
Person using Dyson V8 vacuum
Dyson vacuums have one big problem and I don't understand why
Glowing server racks inside a data center.
The dirty little secret about AI hardware that you should know about: server vendors have to wrestle with wafer thin margins and bigger customers